--- smeserver-subversion-1.4/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28SubversionContent.ImplementReadWriteAccess4 2008-02-24 16:55:12.000000000 +0100 +++ smeserver-subversion-1.4/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28SubversionContent 2008-02-24 16:56:15.000000000 +0100 @@ -47,7 +47,7 @@ my %properties = $repository->props; my $error = ""; - my $forceSSL; + my $forceSSL = ''; my $allow; my $pass; @@ -82,9 +82,6 @@ $pass = 0; $satisfy = 'all'; - $error .= " # - Illegal or no value set for AccessType:\n"; - $error .= " # Only allowing access from localhost\n"; - } } 
@@ -120,204 +117,221 @@ my $SVNAutoVersioning = $properties{'SVNAutoVersioning'} || 'off'; my $ModMimeUsePathInfo = $properties{'ModMimeUsePathInfo'} || 'off'; - # Always have a section for a virtualhost at port 80 and only if neccesarry - # (when authentification is required and therefore passwords are transmitted) - # for a virtualhost at port 443. - if ( ( ($pass eq 0) && ($port eq 80) ) || ( ($pass) || ($forceSSL) ) ) { - - $OUT .= "\n"; - $OUT .= " #------------------------------------------------------------\n"; - $OUT .= " # $key repository directory ($properties{'Description'})\n"; - $OUT .= " # Some error(s) occurred:\n$error" if ($error); - $OUT .= " #------------------------------------------------------------\n"; - - my $allowOverride = $properties{'AllowOverride'} || "None"; + my $allowOverride = $properties{'AllowOverride'} || "None"; - my $usersRead; - my @listRead; + my $usersRead; + my $groupsRead = ''; + my @listRead; - if ($properties{'GroupsRead'}) { + if ($properties{'GroupsRead'}) { - my @groupsRead = split (/,/, $properties{'GroupsRead'}); + my @groupsRead = split (/,/, $properties{'GroupsRead'}); - foreach my $groupRead (@groupsRead) { + foreach my $groupRead (@groupsRead) { - my $membersRead = $db_accounts->get_prop($groupRead, 'Members') || ""; + my $membersRead = $db_accounts->get_prop($groupRead, 'Members') || ""; - if (length($membersRead) > 0) { + if (length($membersRead) > 0) { - push @listRead, split (/,/, $membersRead); + push @listRead, split (/,/, $membersRead); - } - } - + } - if ($properties{'UsersRead'}) { + } - push @listRead, split (/,/, $properties{'UsersRead'}); + if ($properties{'UsersRead'}) { - } + push @listRead, split (/,/, $properties{'UsersRead'}); - if (@listRead > 1) { + } - @listRead = sort(@listRead); + if (@listRead > 1) { - } + @listRead = sort(@listRead); - my $prevRead = ''; - @listRead = grep($_ ne $prevRead && (($prevRead) = $_), @listRead); + } - $usersRead = join(" ", @listRead) || ''; + my $prevRead = 
''; + @listRead = grep($_ ne $prevRead && (($prevRead) = $_), @listRead); - undef @listRead; + $usersRead = join(" ", @listRead) || ''; - my $usersWrite; - my @listWrite; + undef @listRead; - if ($properties{'GroupsWrite'}) { + my $usersWrite; + my $groupsWrite = ''; + my @listWrite; - my @groupsWrite = split (/,/, $properties{'GroupsWrite'}); + if ($properties{'GroupsWrite'}) { - foreach my $groupWrite (@groupsWrite) { + my @groupsWrite = split (/,/, $properties{'GroupsWrite'}); - my $membersWrite = $db_accounts->get_prop($groupWrite, 'Members') || ""; + foreach my $groupWrite (@groupsWrite) { - if (length($membersWrite) > 0) { + my $membersWrite = $db_accounts->get_prop($groupWrite, 'Members') || ""; - push @listWrite, split (/,/, $membersWrite); + if (length($membersWrite) > 0) { - } + push @listWrite, split (/,/, $membersWrite); } } - if ($properties{'UsersWrite'}) { + } - push @listWrite, split (/,/, $properties{'UsersWrite'}); + if ($properties{'UsersWrite'}) { - } + push @listWrite, split (/,/, $properties{'UsersWrite'}); - if (@listWrite > 1) { + } - @listWrite = sort(@listWrite); + if (@listWrite > 1) { - } + @listWrite = sort(@listWrite); - my $prevWrite = ''; - @listWrite = grep($_ ne $prevWrite && (($prevWrite) = $_), @listWrite); + } - $usersWrite = join(" ", @listWrite) || ''; + my $prevWrite = ''; + @listWrite = grep($_ ne $prevWrite && (($prevWrite) = $_), @listWrite); - undef @listWrite; + $usersWrite = join(" ", @listWrite) || ''; - # Only when authentification is required or SSL is forced - if ( ($pass) || ($forceSSL) ) { - - # Enable RewriteRule only when neccesarry: - # - when we are configureing the VirtualDomain for a non-secured port - # - when module for SSL is loaded - # - when plaintext passwords are not allowed - # - when HTTP over SSL is forced - if ( ($port ne "443") && ($haveSSL eq 'yes') && ( ($plainTextAccess ne 'yes') || ($forceSSL) ) ) { - - $OUT .= "\n"; - $OUT .= " RewriteEngine on\n"; - $OUT .= " RewriteCond %{REQUEST_METHOD} 
^(TRACE|TRACK)\n"; - $OUT .= " RewriteRule .* - [F]\n"; - $OUT .= "\n"; - $OUT .= " RewriteRule ^/$key(/.*|\$) https://%{HTTP_HOST}/$key\$1 [L,R]\n"; + undef @listWrite; - } + $OUT .= "\n"; + $OUT .= " #------------------------------------------------------------\n"; + $OUT .= " # $key repository directory ($properties{'Description'})\n"; + $OUT .= " #------------------------------------------------------------\n\n"; - # Enable authentification only when required and SSL is provided - if ( ($pass) && ($port eq "443") ) { + # port = 80 && + # forceSSL = yes || pass = 1 + # groupsWrite ne "" && + # groupsRead || usersRead + # groupsRead && usersRead + # usersWrite ne "" && + # groupsRead || usersRead + # groupsRead && usersRead + + if ( ($port eq 80) && ( ($forceSSL eq 'yes') || ($pass eq 1) || ($groupsRead ne "") || ($usersRead ne "") || ( ($groupsRead ne "") && ($usersRead ne "") ) ) ){ + + $OUT .= " # Redirecting: Only access over SSL allowed\n"; + $OUT .= " RewriteEngine on\n"; + $OUT .= " RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)\n"; + $OUT .= " RewriteRule .* - [F]\n"; + $OUT .= " RewriteRule ^/$key(/.*|\$) https://%{HTTP_HOST}/$key\$1 [L,R]\n\n"; + + } else { + + if ( ( ($port eq 80) && ($forceSSL ne 'yes') && ($pass ne 1) ) || ($port eq 443) ) { + + if ($port eq 443) { - $OUT .= "\n"; $OUT .= " AddExternalAuth pwauth /usr/lib/httpd/modules/pwauth\n"; - $OUT .= " SetExternalAuthMethod pwauth pipe\n"; + $OUT .= " SetExternalAuthMethod pwauth pipe\n\n"; } - - } - $OUT .= "\n"; - $OUT .= " \n"; + $OUT .= " \n\n"; - $OUT .= "\n"; - $OUT .= " DAV svn\n"; - $OUT .= " SVNPath /home/e-smith/files/repositories/$key\n"; - - $OUT .= "\n"; - $OUT .= " SVNAutoVersioning $SVNAutoVersioning\n"; - $OUT .= " ModMimeUsePathInfo $ModMimeUsePathInfo\n"; - - $OUT .= "\n"; - $OUT .= " Options None\n"; - $OUT .= " AllowOverride $allowOverride\n"; - $OUT .= " order deny,allow\n"; - $OUT .= " deny from all\n"; - - # Only allow when really allowed: - # - a secure connection is 
available and authentification is required - # - authentification is not required and no SSL is forced - # - a secure connection is unavailable - if ( ($port eq "443") || ( ($pass eq 0) && ($forceSSL eq 0) ) || ($haveSSL ne 'yes') ) { + $OUT .= " DAV svn\n"; + $OUT .= " SVNPath /home/e-smith/files/repositories/$key\n\n"; - $OUT .= " allow from $allow\n"; + $OUT .= " SVNAutoVersioning $SVNAutoVersioning\n\n"; + $OUT .= " ModMimeUsePathInfo $ModMimeUsePathInfo\n\n"; - # Enable authentification against the SME Server users and groups when required - if ($pass) { + if ( ($port eq 443) && ( ($forceSSL eq 'yes') || ($pass eq 1) ) && ($groupsWrite ne "") || ($usersWrite ne "") || ($groupsRead ne "") || ($usersRead ne "") ) { - $OUT .= "\n"; $OUT .= " AuthName \"$properties{'Description'}\"\n"; $OUT .= " AuthType Basic\n"; - $OUT .= " AuthExternal pwauth\n"; + $OUT .= " AuthExternal pwauth\n\n"; + } - if ($usersRead) { + $OUT .= " # Read access:\n"; + $OUT .= " # Anonymous access\n" unless ( ($groupsRead ne "") || ($usersRead ne "") ); + $OUT .= " # Group(s): " . ($groupsRead || "none") . "\n" unless ($groupsRead eq ""); + $OUT .= " # User(s) : " . ($usersRead || "none") . 
"\n" unless ($usersRead eq ""); - $OUT .= " \n"; - $OUT .= " Require user $usersRead\n"; - $OUT .= " \n"; +# $OUT .= " \n"; + $OUT .= " \n"; - } + $OUT .= " order deny,allow\n"; + $OUT .= " deny from all\n"; - if ($groupsRead) { + if ( ( ($groupsRead eq "") && ($usersRead eq "") ) || ( ( ($groupsRead ne "") || ($usersRead ne "") ) && ($port eq 443) ) ) { - $OUT .= " \n"; - $OUT .= " Require group $groupsRead\n"; - $OUT .= " \n"; + $OUT .= " allow from $allow\n"; + $OUT .= " Require group $groupsRead\n" unless ($groupsRead eq ""); + $OUT .= " Require user $usersRead\n" unless ($usersRead eq ""); - } + } else { - if ($usersWrite) { + $OUT .= " # Denying access:\n"; + $OUT .= " # User authentication required this requires SSL\n"; - $OUT .= " \n"; - $OUT .= " Require user $usersWrite\n"; - $OUT .= " \n"; + } - } + $OUT .= " Satisfy $satisfy\n"; +# $OUT .= " \n\n"; + $OUT .= " \n\n"; + + $OUT .= " # Full access:\n"; + $OUT .= " # Anonymous access\n" unless ( ($groupsWrite ne "") || ($usersWrite ne "") ); + $OUT .= " # Group(s): " . ($groupsWrite || "none") . "\n" unless ($groupsWrite eq ""); + $OUT .= " # User(s) : " . ($usersWrite || "none") . 
"\n" unless ($usersWrite eq ""); + +# $OUT .= " \n"; + $OUT .= " \n"; + + $OUT .= " order deny,allow\n"; + $OUT .= " deny from all\n"; + + if ( + ( ($port eq 443) && + ( + ( ($groupsRead eq "") && ($usersRead eq "") ) || + ( ($groupsWrite eq "") || ($usersWrite eq "") ) && ( ($groupsRead eq "") && ($usersRead eq "") ) || + ( ($usersRead ne "") && ( ($groupsWrite ne "") || ($usersWrite ne "") || ( ($groupsWrite ne "") && ($usersWrite ne "") ) ) ) || + ( ($groupsRead ne "") && ( ($groupsWrite ne "") || ($usersWrite ne "") || ( ($groupsWrite ne "") && ($usersWrite ne "") ) ) ) + ) + ) || ( + ($port eq 80) && + ( ($groupsWrite eq "") && ($usersWrite eq "") && ($groupsRead eq "") && ($usersRead eq "") ) + ) + ) { + + $OUT .= " allow from $allow\n"; + $OUT .= " Require group $groupsWrite\n" unless ($groupsWrite eq ""); + $OUT .= " Require user $usersWrite\n" unless ($usersWrite eq ""); + + } else { + + $OUT .= " # Denying access:\n"; - if ($groupsWrite) { + if ( ($groupsRead ne "") || ($usersRead ne "") || ( ($groupsRead ne "") && ($usersRead ne "") ) ) { - $OUT .= " \n"; - $OUT .= " Require group $groupsWrite\n"; - $OUT .= " \n"; + $OUT .= " # Read authentication required, no anonymous write access allowed\n"; - } + } else { - $OUT .= " require valid-user\n" if ( ($usersRead eq '') && ($groupsRead eq '') && ($usersWrite eq '') && ($groupsWrite eq '') ); - $OUT .= " Satisfy $satisfy\n"; + $OUT .= " # SSL required, no access allowed without.\n"; + } } - } + $OUT .= " Satisfy $satisfy\n"; +# $OUT .= " \n\n"; + $OUT .= " \n\n"; + +# $OUT .= " Satisfy $satisfy\n\n"; +# $OUT .= " Satisfy any\n\n"; - $OUT .= "\n"; - $OUT .= " \n"; + $OUT .= " \n\n"; + + } }
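Review bot: The condition guarding the `AuthName`/`AuthType Basic`/`AuthExternal pwauth` lines mixes `&&` and `||` without grouping, so the `$port eq 443` and `$forceSSL`/`$pass` tests bind only to `$groupsWrite ne ""`. As written, any non-empty `$usersWrite`, `$groupsRead` or `$usersRead` emits the auth directives whatever the port, including the port 80 host where `AddExternalAuth pwauth` is not emitted, while `$pass eq 1` on port 443 with no lists emits none. If the intent is Basic auth only over SSL, group the tests explicitly, for example `if ( ($port eq 443) && ( ($pass eq 1) || ($groupsWrite ne "") || ($usersWrite ne "") || ($groupsRead ne "") || ($usersRead ne "") ) ) {`, and add `$groupsWrite`/`$usersWrite` to the port 80 redirect test, which the comment plan above it lists but the condition omits. In the visible lines `$groupsRead` and `$groupsWrite` are initialised to `''` and never assigned (group members are folded into the user lists), so the `Require group` lines look unreachable unless they are set outside the hunk. The enclosing block starts outside this hunk, so the handling of `$satisfy` and `$allow` should be checked against the full template.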